refactor: use auto save in the enforcer

BryanttV · BryanttV · commit 0dce5adaa89b · 2025-09-05T16:23:51.000-05:00
diff --git a/openedx_authz/apps.py b/openedx_authz/apps.py
@@ -49,6 +49,8 @@ def ready(self):
         from django.contrib.auth import get_user_model
         from dauthz.core import enforcer
 
+        enforcer.enable_auto_save(True)
+
         # Add minimum policies for anonymous users
         anonymous_policies = [
             ("/", "*"),
@@ -66,7 +68,6 @@ def ready(self):
             if not enforcer.has_policy("anonymous", resource, action):
                 enforcer.add_policy("anonymous", resource, action)
 
-        enforcer.save_policy()
         print("\n\nAdded minimum policies for anonymous users!")
 
         # Ensure admin users have access to all resources
@@ -76,6 +77,5 @@ def ready(self):
         admin_users = User.objects.filter(is_staff=True, is_superuser=True)
         for user in admin_users:
             enforcer.add_role_for_user(user.username, "admin")
-        enforcer.save_policy()
 
         print("Added admin users to the authorization policy!\n\n")
diff --git a/openedx_authz/views.py b/openedx_authz/views.py
@@ -10,6 +10,8 @@
 from .models import Library
 from .serializers import LibrarySerializer
 
+enforcer.enable_auto_save(True)
+
 
 class LibraryViewSet(viewsets.ViewSet):
     """
@@ -50,7 +52,6 @@ def create(self, request):
                 f"{self.request.path}{library.id}/",
                 "(GET)|(PUT)|(DELETE)|(PATCH)",
             )
-            enforcer.save_policy()
             return Response(LibrarySerializer(library).data, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
@@ -98,7 +99,6 @@ def destroy(self, request, pk=None):
         library_title = library.title
         library.delete()
         enforcer.remove_filtered_policy(1, self.request.user.username, f"{self.request.path}{library.id}/", "")
-        enforcer.save_policy()
 
         return Response(
             {"detail": f'Library "{library_title}" has been deleted.'},
@@ -123,9 +123,9 @@ def create(self, request):
         }
         ```
         """
+        enforcer.enable_auto_save(True)
         username = request.data["username"]
         enforcer.add_role_for_user(username, "admin")
-        enforcer.save_policy()
         return Response(f"Admin role assigned to user {username}", status=status.HTTP_201_CREATED)
 
     def destroy(self, request, pk=None):
@@ -135,7 +135,6 @@ def destroy(self, request, pk=None):
         """
         username = pk
         enforcer.delete_role_for_user(username, "admin")
-        enforcer.save_policy()
         return Response(f"Admin role removed from user {username}", status=status.HTTP_204_NO_CONTENT)
 
 
@@ -176,7 +175,6 @@ def create(self, request):
             return Response({"error": "username, obj, and act are required fields"}, status=status.HTTP_400_BAD_REQUEST)
 
         enforcer.add_policy(username, obj, act)
-        enforcer.save_policy()
 
         return Response(
             {
@@ -207,7 +205,6 @@ def destroy(self, request, pk=None):
             return Response({"error": "obj and act query parameters are required"}, status=status.HTTP_400_BAD_REQUEST)
 
         result = enforcer.remove_policy(username, obj, act)
-        enforcer.save_policy()
 
         if result:
             return Response(
